<!DOCTYPE html>
<html lang="zh-CN">
<head>
  <meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1, maximum-scale=2">
<meta name="theme-color" content="#222">
<meta name="generator" content="Hexo 3.9.0">
  <link rel="apple-touch-icon" sizes="180x180" href="/images/apple-touch-icon-next.png">
  <link rel="icon" type="image/png" sizes="32x32" href="/images/favicon-32x32-next.png">
  <link rel="icon" type="image/png" sizes="16x16" href="/images/favicon-16x16-next.png">
  <link rel="mask-icon" href="/images/logo.svg" color="#222">

<link rel="stylesheet" href="/css/main.css">

<link rel="stylesheet" href="https://fonts.loli.net/css?family=Lato:300,300italic,400,400italic,700,700italic&display=swap&subset=latin,latin-ext">
<link rel="stylesheet" href="/lib/font-awesome/css/all.min.css">

<script id="hexo-configurations">
    var NexT = window.NexT || {};
    var CONFIG = {"hostname":"monocy.gitee.io","root":"/","scheme":"Gemini","version":"7.8.0","exturl":false,"sidebar":{"position":"left","display":"post","padding":18,"offset":12,"onmobile":false},"copycode":{"enable":true,"show_result":true,"style":"mac"},"back2top":{"enable":true,"sidebar":true,"scrollpercent":true},"bookmark":{"enable":false,"color":"#222","save":"auto"},"fancybox":false,"mediumzoom":true,"lazyload":true,"pangu":false,"comments":{"style":"tabs","active":"valine","storage":true,"lazyload":true,"nav":null,"activeClass":"valine"},"algolia":{"hits":{"per_page":10},"labels":{"input_placeholder":"Search for Posts","hits_empty":"We didn't find any results for the search: ${query}","hits_stats":"${hits} results found in ${time} ms"}},"localsearch":{"enable":true,"trigger":false,"top_n_per_article":5,"unescape":false,"preload":false},"motion":{"enable":true,"async":false,"transition":{"post_block":"fadeIn","post_header":"slideDownIn","post_body":"slideDownIn","coll_header":"slideLeftIn","sidebar":"slideUpIn"}},"path":"search.xml"};
  </script>

  <meta name="description" content="前言文章转载自 linux 防火墙使用以及配置，使用方法大同小异，在此转载一篇做个笔记。">
<meta name="keywords" content="Linux">
<meta property="og:type" content="article">
<meta property="og:title" content="Linux 防火墙的使用和配置（转载）">
<meta property="og:url" content="https://monocy.gitee.io/2020/07/09/Linux-防火墙的使用和配置（转载）/index.html">
<meta property="og:site_name" content="沐光">
<meta property="og:description" content="前言文章转载自 linux 防火墙使用以及配置，使用方法大同小异，在此转载一篇做个笔记。">
<meta property="og:locale" content="zh-CN">
<meta property="og:updated_time" content="2021-06-30T15:25:42.952Z">
<meta name="twitter:card" content="summary">
<meta name="twitter:title" content="Linux 防火墙的使用和配置（转载）">
<meta name="twitter:description" content="前言文章转载自 linux 防火墙使用以及配置，使用方法大同小异，在此转载一篇做个笔记。">

<link rel="canonical" href="https://monocy.gitee.io/2020/07/09/Linux-防火墙的使用和配置（转载）/">


<script id="page-configurations">
  // https://hexo.io/docs/variables.html
  CONFIG.page = {
    sidebar: "",
    isHome : false,
    isPost : true,
    lang   : 'zh-CN'
  };
</script>

  <title>Linux 防火墙的使用和配置（转载） | 沐光</title>
  






  <noscript>
  <style>
  .use-motion .brand,
  .use-motion .menu-item,
  .sidebar-inner,
  .use-motion .post-block,
  .use-motion .pagination,
  .use-motion .comments,
  .use-motion .post-header,
  .use-motion .post-body,
  .use-motion .collection-header { opacity: initial; }

  .use-motion .site-title,
  .use-motion .site-subtitle {
    opacity: initial;
    top: initial;
  }

  .use-motion .logo-line-before i { left: initial; }
  .use-motion .logo-line-after i { right: initial; }
  </style>
</noscript>

</head>

<body itemscope itemtype="http://schema.org/WebPage">
  <div class="container use-motion">


    <main class="main">
      <div class="main-inner">
        <div class="content-wrap">
          

          <div class="content post posts-expand">
            

    
  
  
  <article itemscope itemtype="http://schema.org/Article" class="post-block" lang="zh-CN">
    <link itemprop="mainEntityOfPage" href="https://monocy.gitee.io/2020/07/09/Linux-防火墙的使用和配置（转载）/">

    <span hidden itemprop="author" itemscope itemtype="http://schema.org/Person">
      <meta itemprop="image" content="/images/avatar.jpg">
      <meta itemprop="name" content="蔡胤">
      <meta itemprop="description" content="Just do IT!">
    </span>

    <span hidden itemprop="publisher" itemscope itemtype="http://schema.org/Organization">
      <meta itemprop="name" content="沐光">
    </span>
      <header class="post-header">
        <h1 class="post-title" itemprop="name headline">
          Linux 防火墙的使用和配置（转载）
        </h1>

        <div class="post-meta">
              <span class="post-meta-item">
                <span class="post-meta-item-icon">
                  <i class="far fa-calendar-check"></i>
                </span>
                <span class="post-meta-item-text">更新于</span>
                <time title="修改时间：2021-06-30 23:25:42" itemprop="dateModified" datetime="2021-06-30T23:25:42+08:00">2021-06-30</time>
              </span>
            <span class="post-meta-item">
              <span class="post-meta-item-icon">
                <i class="far fa-folder"></i>
              </span>
              <span class="post-meta-item-text">分类于</span>
                <span itemprop="about" itemscope itemtype="http://schema.org/Thing">
                  <a href="/categories/Linux/" itemprop="url" rel="index"><span itemprop="name">Linux</span></a>
                </span>
            </span>

          
  
  
  
            <span class="post-meta-item" title="本文字数">
              <span class="post-meta-item-icon">
                <i class="far fa-file-word"></i>
              </span>
                <span class="post-meta-item-text">本文字数：</span>
              <span>3k</span>
            </span>
            <span class="post-meta-item" title="阅读时长">
              <span class="post-meta-item-icon">
                <i class="far fa-clock"></i>
              </span>
                <span class="post-meta-item-text">阅读时长 &asymp;</span>
              <span>3 分钟</span>
            </span>

        </div>
      </header>

    
    
    
    <div class="post-body" itemprop="articleBody">

      
        <h3 id="前言"><a href="#前言" class="headerlink" title="前言"></a>前言</h3><p>文章转载自 <a href="https://www.cnblogs.com/shawhe/p/9485746.html" target="_blank" rel="noopener">linux 防火墙使用以及配置</a>，使用方法大同小异，在此转载一篇做个笔记。</p>
<a id="more"></a>
<h4 id="Centos-7-firewall-："><a href="#Centos-7-firewall-：" class="headerlink" title="Centos 7 firewall ："></a>Centos 7 firewall ：</h4><h5 id="1-firewalld-的基本使用"><a href="#1-firewalld-的基本使用" class="headerlink" title="1. firewalld 的基本使用"></a>1. firewalld 的基本使用</h5><ul>
<li>启动： <code>systemctl start firewalld</code></li>
<li>关闭： <code>systemctl stop firewalld</code></li>
<li>查看状态： <code>systemctl status firewalld</code></li>
<li>开机禁用 ： <code>systemctl disable firewalld</code></li>
<li>开机启用 ： <code>systemctl enable firewalld</code></li>
</ul>
<h5 id="2-systemctl-是-CentOS7-的服务管理工具中主要的工具，它融合之前-service-和-chkconfig-的功能于一体。"><a href="#2-systemctl-是-CentOS7-的服务管理工具中主要的工具，它融合之前-service-和-chkconfig-的功能于一体。" class="headerlink" title="2. systemctl 是 CentOS7 的服务管理工具中主要的工具，它融合之前 service 和 chkconfig 的功能于一体。"></a>2. systemctl 是 CentOS7 的服务管理工具中主要的工具，它融合之前 service 和 chkconfig 的功能于一体。</h5><ul>
<li>启动一个服务：<code>systemctl start firewalld.service</code></li>
<li>关闭一个服务：<code>systemctl stop firewalld.service</code></li>
<li>重启一个服务：<code>systemctl restart firewalld.service</code></li>
<li>显示一个服务的状态：<code>systemctl status firewalld.service</code></li>
<li>在开机时启用一个服务：<code>systemctl enable firewalld.service</code></li>
<li>在开机时禁用一个服务：<code>systemctl disable firewalld.service</code></li>
<li>查看服务是否开机启动：<code>systemctl is-enabled firewalld.service</code></li>
<li>查看已启动的服务列表：<code>systemctl list-unit-files|grep enabled</code></li>
<li>查看启动失败的服务列表：<code>systemctl --failed</code></li>
</ul>
<h5 id="3-配置-firewalld-cmd"><a href="#3-配置-firewalld-cmd" class="headerlink" title="3. 配置 firewall-cmd"></a>3. 配置 firewall-cmd</h5><ul>
<li>查看版本：<code>firewall-cmd --version</code></li>
<li>查看帮助：<code>firewall-cmd --help</code></li>
<li>显示状态：<code>firewall-cmd --state</code></li>
<li>查看所有打开的端口：<code>firewall-cmd --zone=public --list-ports</code></li>
<li>更新防火墙规则：<code>firewall-cmd --reload</code></li>
<li>查看区域信息： <code>firewall-cmd --get-active-zones</code></li>
<li>查看指定接口所属区域：<code>firewall-cmd --get-zone-of-interface=eth0</code></li>
<li>拒绝所有包：<code>firewall-cmd --panic-on</code>（panic 模式会丢弃所有进出的数据包，已建立的连接也会随之中断；通过 SSH 远程操作时当前会话同样会断开）</li>
<li>取消拒绝状态：<code>firewall-cmd --panic-off</code></li>
<li>查看是否拒绝：<code>firewall-cmd --query-panic</code></li>
</ul>
<p><strong>那怎么开启一个端口呢？</strong></p>
<ul>
<li>添加： <code>firewall-cmd --zone=public --add-port=80/tcp --permanent</code> （<code>--permanent</code> 表示永久生效，没有此参数重启后失效）</li>
<li>重新载入：<code>firewall-cmd --reload</code></li>
<li>查看：<code>firewall-cmd --zone=public --query-port=80/tcp</code></li>
<li><p>删除：<code>firewall-cmd --zone=public --remove-port=80/tcp --permanent</code></p>
</li>
<li><p>调整默认策略（默认拒绝所有访问，改成允许所有访问；注意这样 public 区域中未被其他规则匹配的入站连接都会被放行，相当于该区域不再过滤端口，需要恢复时把 target 设回 <code>default</code>）：</p>
</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --permanent --zone=public --<span class="built_in">set</span>-target=ACCEPT</span><br><span class="line">firewall-cmd --reload</span><br></pre></td></tr></table></figure>
<ul>
<li>对某个 IP 开放多个端口：</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">firewall-cmd --permanent --add-rich-rule=<span class="string">"rule family="</span>ipv4<span class="string">" source address="</span>10.159.60.29<span class="string">" port protocol="</span>tcp<span class="string">" port="</span>1:65535<span class="string">" accept"</span></span><br><span class="line">firewall-cmd --reload</span><br></pre></td></tr></table></figure>
<h4 id="Centos-6-iptables："><a href="#Centos-6-iptables：" class="headerlink" title="Centos 6 iptables："></a>Centos 6 iptables：</h4><h5 id="1-iptables-的基本使用"><a href="#1-iptables-的基本使用" class="headerlink" title="1. iptables 的基本使用"></a>1. iptables 的基本使用</h5><ul>
<li>启动：<code>service iptables start</code></li>
<li>关闭：<code>service iptables stop</code></li>
<li>查看状态：<code>service iptables status</code></li>
<li>开机禁用：<code>chkconfig iptables off</code></li>
<li>开机启用：<code>chkconfig iptables on</code></li>
</ul>
<h5 id="2-开放指定的端口"><a href="#2-开放指定的端口" class="headerlink" title="2. 开放指定的端口"></a>2. 开放指定的端口</h5><p><code>-A</code> 和 <code>-I</code> 参数分别为添加到规则末尾和规则最前面。</p>
<ul>
<li>允许本地回环接口(即允许本机访问本机)：<code>iptables -A INPUT -i lo -j ACCEPT</code></li>
<li>允许已建立的或相关联的连接通行：<code>iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT</code></li>
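<li>允许所有本机向外的访问（第二条命令放行 OUTPUT 链；第一条 <code>-P INPUT ACCEPT</code> 设置的是 INPUT 链的默认策略，即未匹配任何规则的入站包默认放行，因此入站限制要靠后面追加的 REJECT 规则来完成）：</li>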
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br></pre></td><td class="code"><pre><span class="line">iptables -P INPUT ACCEPT</span><br><span class="line">iptables -A OUTPUT -j ACCEPT</span><br></pre></td></tr></table></figure>
<ul>
<li>允许访问 22 端口（下面两条规则二选一：第一条对所有来源开放，第二条只对指定网段开放；若两条都添加，第一条已放行全部来源，第二条起不到限制作用）：</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># -s 后可以跟 IP 段或指定 IP 地址</span></span><br><span class="line">iptables -A INPUT -p tcp --dport 22 -j ACCEPT</span><br><span class="line">iptables -A INPUT -p tcp -s 10.159.1.0/24 --dport 22 -j ACCEPT</span><br></pre></td></tr></table></figure>
<ul>
<li>允许访问 80 端口：<code>iptables -A INPUT -p tcp --dport 80 -j ACCEPT</code></li>
<li>允许 FTP 服务的 21 和 20 端口：</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line">iptables -A INPUT -p tcp --dport 21 -j ACCEPT</span><br><span class="line">iptables -A INPUT -p tcp --dport 20 -j ACCEPT</span><br><span class="line"><span class="comment"># 如果有其他端口的话，规则也类似，稍微修改上述语句就行</span></span><br></pre></td></tr></table></figure>
<ul>
<li>允许 ping：<code>iptables -A INPUT -p icmp -m icmp --icmp-type 8 -j ACCEPT</code></li>
<li>禁止其他未允许的规则访问：</li>
</ul>
<figure class="highlight bash"><table><tr><td class="gutter"><pre><span class="line">1</span><br><span class="line">2</span><br><span class="line">3</span><br></pre></td><td class="code"><pre><span class="line"><span class="comment"># 注：如果 22 端口未加入允许规则，SSH 链接会直接断开。</span></span><br><span class="line">iptables -A INPUT -j REJECT</span><br><span class="line">iptables -A FORWARD -j REJECT</span><br></pre></td></tr></table></figure>
<h5 id="3-屏蔽-IP"><a href="#3-屏蔽-IP" class="headerlink" title="3. 屏蔽 IP"></a>3. 屏蔽 IP</h5><blockquote>
<p>注：如果只是想屏蔽 IP 的话，上述 “2. 开放指定的端口” 可以直接跳过。</p>
</blockquote>
<ul>
<li>屏蔽单个 IP 的命令是：<code>iptables -I INPUT -s 123.45.6.7 -j DROP</code></li>
<li>封整个段(即从 123.0.0.1 到 123.255.255.254)的命令：<code>iptables -I INPUT -s 123.0.0.0/8 -j DROP</code></li>
<li>封 IP 段(即从 123.45.0.1 到 123.45.255.254)的命令：<code>iptables -I INPUT -s 123.45.0.0/16 -j DROP</code></li>
<li>封 IP 段(即从 123.45.6.1 到 123.45.6.254)的命令是：<code>iptables -I INPUT -s 123.45.6.0/24 -j DROP</code></li>
</ul>
<h5 id="4-iptables-的规则"><a href="#4-iptables-的规则" class="headerlink" title="4. iptables 的规则"></a>4. iptables 的规则</h5><h6 id="查看已添加的规则"><a href="#查看已添加的规则" class="headerlink" title="查看已添加的规则"></a>查看已添加的规则</h6><p><code>iptables -L -n</code></p>
<blockquote>
<p>只显示 IP 地址和端口号，不将 IP 解析为域名</p>
</blockquote>
<h6 id="删除已添加的-iptables-的规则"><a href="#删除已添加的-iptables-的规则" class="headerlink" title="删除已添加的 iptables 的规则"></a>删除已添加的 iptables 的规则</h6><p>将所有 iptables 以序号标记显示，执行：</p>
<p><code>iptables -L -n --line-numbers</code></p>
<p>比如要删除 INPUT 里序号为 8 的规则，执行：</p>
<p><code>iptables -D INPUT 8</code></p>
<h5 id="5-可以直接编辑配置文件，添加-iptables-防火墙规则："><a href="#5-可以直接编辑配置文件，添加-iptables-防火墙规则：" class="headerlink" title="5. 可以直接编辑配置文件，添加 iptables 防火墙规则："></a>5. 可以直接编辑配置文件，添加 iptables 防火墙规则：</h5><p>iptables 的配置文件为 <code>/etc/sysconfig/iptables</code></p>
<p>编辑配置文件：</p>
<p><code>vi /etc/sysconfig/iptables</code></p>
<p>文件中的配置规则与通过 iptables 命令配置时的语法相似：</p>
<p>如，通过 iptables 的命令配置，允许访问 80 端口：</p>
<p><code>iptables -A INPUT -p tcp --dport 80 -j ACCEPT</code></p>
<p>那么，在文件中配置，只需要去掉句首的 iptables，添加如下内容：</p>
<p><code>-A INPUT -p tcp --dport 80 -j ACCEPT</code></p>
<p>保存退出。</p>
<p>有两种方式添加规则</p>
<p><code>iptables -A 和iptables -I</code></p>
<p><code>iptables -A</code> 添加的规则是添加在最后面。如针对 INPUT 链增加一条规则，接收从 eth0 口进入且源地址为 192.168.0.0/16 网段发往本机的数据。</p>
<p><code>iptables -A INPUT -i eth0 -s 192.168.0.0/16 -j ACCEPT</code></p>
<p><code>iptables -I</code> 添加的规则默认添加至第一条。</p>
<p>如果要指定插入规则的位置，则使用 <code>iptables -I</code> 时指定位置序号即可。</p>
<p>删除规则</p>
<p>如果删除指定规则，使用 <code>iptables -D</code> 命令，命令后可接序号。效果请对比上图。</p>
<p>或 <code>iptables -D</code> 接详细定义；</p>
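<p>如果想把所有规则都清除掉，可使用 <code>iptables -F</code>。注意 <code>-F</code> 只清空规则，不会改变各链的默认策略（<code>-P</code>）：默认策略为 DROP 时清空规则会中断包括 SSH 在内的连接，为 ACCEPT 时则相当于全部放行。</p>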
<p>备份 iptables rules</p>
<p>使用 <code>iptables-save</code> 命令，如：</p>
<p><code>iptables-save &gt; /etc/sysconfig/iptables.save</code></p>
<p>恢复 iptables rules</p>
<p>使用 <code>iptables-restore</code> 命令，如：</p>
<p><code>iptables-restore &lt; /etc/sysconfig/iptables.save</code></p>
<p>iptables 配置保存</p>
<p>以上做的配置修改，在设备重启后，配置将丢失。可使用 <code>service iptables save</code> 进行保存。</p>
<p>保存当前规则，使其在重启后仍然生效：</p>
<p><code>service iptables save</code></p>
<p>添加规则并保存后，重启 iptables 服务使其生效：</p>
<p><code>service iptables restart</code></p>
<h4 id="后记"><a href="#后记" class="headerlink" title="后记"></a>后记</h4><p>关于更多的 iptables 的使用方法可以执行：</p>
<p><code>iptables --help</code></p>

    </div>

    
    
    
        

<div>
<ul class="post-copyright">
  <li class="post-copyright-author">
    <strong>本文作者： </strong>蔡胤
  </li>
  <li class="post-copyright-link">
    <strong>本文链接：</strong>
    <a href="https://monocy.gitee.io/2020/07/09/Linux-防火墙的使用和配置（转载）/" title="Linux 防火墙的使用和配置（转载）">https://monocy.gitee.io/2020/07/09/Linux-防火墙的使用和配置（转载）/</a>
  </li>
  <li class="post-copyright-license">
    <strong>版权声明： </strong>本博客所有文章除特别声明外，均采用 <a href="https://creativecommons.org/licenses/by-nc-sa/4.0/" rel="noopener" target="_blank"><i class="fab fa-fw fa-creative-commons"></i>BY-NC-SA</a> 许可协议。转载请注明出处！
  </li>
</ul>
</div>


      <footer class="post-footer">
          
          <div class="post-tags">
              <a href="/tags/Linux/" rel="tag"><i class="fa fa-tag"></i> Linux</a>
          </div>

        


        
      </footer>
    
  </article>
  
  
  



          </div>
          
    <div class="comments" id="valine-comments"></div>


        </div>
          
  


      </div>
    </main>

  </div>

  
</body>
</html>
